Re: Pentesting RoR

I recommend becoming familiar with the Rails framework. Since the
construction of an application is normalized to a certain format,
certain risks are normalized as well. If you read up on REST
development, you can also get insight in to safe and unsafe URLs that
exist within the Rails framework.

On 7/16/07, Mister Dookie <misterdookie@xxxxxxxxx> wrote:

So a client is setting up a webapp written in Ruby on Rails with a
MySQL backend.

I do not have much experience with Ruby exploits or SQL injection against Ruby.

Can some list members give me some insight or point me in the right
direction? I know the new Metasploit is written using Ruby. Does that
make it a better pentest platform (just one of the tools) for me?
Thanks! Regards, John